Bug 1905645 (CVE-2020-17530)
| Summary: | CVE-2020-17530 struts2: using forced OGNL evaluation on untrusted user input can lead to a RCE and security degradation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aboyko, aileenc, asoldano, atangrin, bbaranow, bmaxwell, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dbhole, dkreling, dosoudil, drieden, eleandro, extras-orphan, ggaughan, gmalinko, gvarsami, iweiss, janstey, java-sig-commits, jawilson, jcoleman, jjelen, jochrist, jperkins, jwon, kconner, krathod, kwills, ldimaggi, lgao, loleary, mmraka, msochure, msvehla, nwallace, pjindal, pmackay, puntogil, rguimara, rstancel, rsvoboda, rwagner, smaestri, spinder, tcunning, theute, tkirby, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Struts 2.5.26 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the Apache Struts frameworks. When forced, some of the tag's attributes perform a double evaluation if a developer applies forced OGNL evaluation by using the %{...} syntax. Using a forced OGNL evaluation on untrusted user input allows an attacker to perform remote code execution and security degradation. The highest threat from this vulnerability is to data confidentiality, integrity as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-12-09 06:47:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1905646 | ||
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-17530 Statement: Apache Struts2 is not compiled, shipped, used, or enabled in Red Hat products. As such, any CVE against Apache Struts2 does not impact currently supported Red Hat products. This statement was last revised on 1 Sept 2020. Previous statement example: https://bugzilla.redhat.com/show_bug.cgi?id=1469265 |
Some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. Reference: https://cwiki.apache.org/confluence/display/WW/S2-061